Building access using a mobile device

ABSTRACT

Methods and systems for unlocking an access point of a facility with a mobile device. Permissions and locations of access points of the facility that are accessible to a user of a particular mobile device may be downloaded and a location of the particular mobile device determined. The mobile device may identify one or more access points of the facility that are accessible by the user of the mobile device based on the location of the mobile device and the downloaded permissions and locations of the access points. The method may include displaying on the mobile device a notification of the access points that are identified by the mobile device, receiving a selection of one of the displayed access points from the user via a user interface of the mobile device, sending a command from the mobile device to unlock the selected access point, and unlocking the selected access point.

This is a continuation of co-pending U.S. patent application Ser. No.17/188,695, filed Mar. 1, 2021, and entitled “BUILDING ACCESS USING AMOBILE DEVICE”, which is incorporated herein by reference.

TECHNICAL FIELD

The disclosure is directed to providing building access through a mobiledevice.

BACKGROUND

Physical access control systems are designed to provide access tobuildings and/or specific areas of a building for individuals who areauthorized to access such areas and to deny access to buildings and/orspecific areas of the building to individuals who are not authorized toaccess such areas. For example, certain individuals may be authorized toaccess a secure area of a building, whereas other individuals may not beallowed to access the secure area. In another example, certainindividuals may be authorized to access a first building but not asecond building, whereas other individuals may not be allowed to accesseither building. In some cases, access may be granted only duringcertain times.

Current approaches to physical access control systems often rely onusers (e.g., employees) carrying physical access cards (e.g., physicalbadge) to gain entry to areas of a building. For example, a user canswipe a physical access card in an access card reader at a security doorto gain entry to an area of a building. However, issuing and managingphysical access card can be time consuming, cumbersome and error prone.What would be desirable is a system which allows a user's mobile deviceto act as an access credential with current building access systems.

SUMMARY

This disclosure is directed to providing and/or managing access control,and more particularly to methods and systems for using a user's mobiledevice as an access credential to gain access to one or more authorizedareas.

An example method for managing access to a facility may includeselecting a commissioning mode in an application running on a mobiledevice. When in the commissioning mode, displaying via a user interfaceof the mobile device a list of access points associated with thefacility, receiving a selection of an access point from the list ofaccess points via the user interface of the mobile device, physicallyplacing the mobile device adjacent to the selected access point,capturing and storing a current location of the mobile device and thus alocation of the selected access point, associating the captured locationof the mobile device with the selected access point, repeating thereceiving, placing, capturing and associating steps for each of two ormore access points in the list of access points, and uploading theassociations between the captured locations of the mobile device andeach of the two or more access points. These associations may be used incontrolling access to the facility.

In some cases, the method may include subsequently receiving aregistration request from a user via a user interface of a user mobiledevice, associating the user and the user mobile device with one or moreaccess points from the list of access points based on one or more userpermissions, displaying on the user mobile device at least some of theone or more access points that the user is associated based on one ormore user permissions, selecting via the user interface of the usermobile device one of the displayed access points to unlock, and sendinga request to unlock the selected access point.

In some cases, the method may include determining a current location ofthe user mobile device and determining a distance between the currentlocation of the user mobile device and the location captured in thecommissioning mode and associated with each of the two or more accesspoints. The access points that are displayed on the user interface ofthe user mobile device may be those that are within a threshold distanceof the current location of the user mobile device.

In another example, a method for unlocking an access point of a facilitymay include downloading permissions and locations of access points ofthe facility that are accessible to a user of a particular mobile deviceand receiving a location of the particular mobile device. The particularmobile device may determine one or more access points of the facilitybased on the location of the particular mobile device and the downloadedpermissions and locations of the access points of the facility. Themethod may further include displaying on the particular mobile device anotification of the one or more access points that are determined by theparticular mobile device, receiving a selection of one of the displayedaccess points from the user via a user interface of the particularmobile device, sending a command from the particular mobile device tounlock the selected access point, and unlocking the selected accesspoint. Prior to unlocking the selected access point, the method mayfurther include verifying one or more access credential of the user.

In some cases, the notification of one or more access points mayidentify those access points that are within a predetermined distancefrom the particular mobile device and may not include those accesspoints that are not within the predetermined distance from theparticular mobile device. Alternatively, the notification of one or moreaccess points may include all access points in the facility that areaccessible by the user.

In another example, a non-transitory computer-readable medium havinginstructions stored thereon that when executed by a mobile device may beconfigured to receive a user credentials from a user via a userinterface of the mobile device to verify an identity of the user, verifythe received user credentials of the user, receive a current location ofthe mobile device from a location service of the mobile device,determine a distance between the current location of the mobile deviceand each of one or more access points of a facility, and display on theuser interface of the mobile device one or more of the access points ofthe facility. The one or more access points that are displayed may bethose that are accessible to the user based on one or more access pointpermissions associated with the user, and in some cases are within athreshold distance from the current location of the mobile device. Theuser interface of the mobile device may receive a selection of one ofthe displayed access points to unlock, and the mobile device may send arequest to unlock the selected access point to an access control systemof the building.

The preceding summary is provided to facilitate an understanding of someof the features of the present disclosure and is not intended to be afull description. A full appreciation of the disclosure can be gained bytaking the entire specification, claims, drawings, and abstract as awhole.

BRIEF DESCRIPTION OF THE DRAWINGS

The disclosure may be more completely understood in consideration of thefollowing detailed description of various embodiments in connection withthe accompanying drawings, in which:

FIG. 1 is a schematic diagram of an illustrative access control systemfor accessing multiple buildings via mobile device;

FIG. 2 is a flow chart of an illustrative method for commissioning anaccess control system;

FIGS. 3-5 are illustrative screen captures of an application forcommissioning the access control system for use by an installer;

FIG. 6 is a flow chart of an illustrative method for using a user'smobile device to access a building;

FIG. 7 is an illustrative setup portal for an access control system foruse by an administrator;

FIG. 8 is a flow chart of another illustrative method for using a user'smobile device to access a building; and

FIGS. 9-12 are illustrative screen captures of an application running ona user's mobile device to access a building.

While the disclosure is amenable to various modifications andalternative forms, specifics thereof have been shown by way of examplein the drawings and will be described in detail. It should beunderstood, however, that the intention is not to limit aspects of thedisclosure to the particular embodiments described. On the contrary, theintention is to cover all modifications, equivalents, and alternativesfalling within the spirit and scope of the disclosure.

DESCRIPTION

For the following defined terms, these definitions shall be applied,unless a different definition is given in the claims or elsewhere inthis specification.

All numeric values are herein assumed to be modified by the term“about”, whether or not explicitly indicated. The term “about” generallyrefers to a range of numbers that one of skill in the art would considerequivalent to the recited value (i.e., having the same function orresult). In many instances, the term “about” may be indicative asincluding numbers that are rounded to the nearest significant figure.

The recitation of numerical ranges by endpoints includes all numberswithin that range (e.g., 1 to 5 includes 1, 1.5, 2, 2.75, 3, 3.80, 4,and 5).

Although some suitable dimensions ranges and/or values pertaining tovarious components, features and/or specifications are disclosed, one ofskill in the art, incited by the present disclosure, would understanddesired dimensions, ranges and/or values may deviate from thoseexpressly disclosed.

As used in this specification and the appended claims, the singularforms “a”, “an”, and “the” include plural referents unless the contentclearly dictates otherwise. As used in this specification and theappended claims, the term “or” is generally employed in its senseincluding “and/or” unless the content clearly dictates otherwise.

The following description should be read with reference to the drawingsin which similar elements in different drawings are numbered the same.The drawings show by way of illustration how one or more embodiments ofthe disclosure may be practiced. The illustrative embodiments depictedare intended only as exemplary. Selected features of any illustrativeembodiment may be incorporated into an additional embodiment unlessclearly stated to the contrary.

User interaction with a door access control system can be streamlinedusing capabilities offered by mobile devices. For example, in someembodiments, global positioning system (GPS), WiFi, Bluetooth, and/orother location functionalities provided by a mobile device may allow theautomatic determination of user location (e.g., without user input).Thus, in some cases, rather than physically presenting a card (or otherdevice) for access to an area or facility, the user may simply movewithin a particular distance of a door and be automatically presentedwith an option to unlock the door. Rather than using “card readers”,embodiments of the present disclosure allow a user's mobile device toperform the function of an access card. It is contemplated that theembodiments of the present disclosure may be utilized with a variety ofaccess systems. In some cases, embodiments of the present disclosure maybe used with or in place of systems with door access card readers (thosewith and/or without Bluetooth® capabilities). Alternatively, oradditionally, embodiments of the present disclosure may be used withsystems that only include an actuatable lock mechanism (e.g., no cardreaders present).

The present disclosure is generally directed towards methods and systemsfor allowing secure access to one or more access points using a mobiledevice. It is contemplated that the system may allow a user to accesstwo different buildings having two different access control providersusing the same mobile device. In some cases, the buildings may belong tothe same entity (e.g., company and corporation) or the buildings maybelong to different entities, as may be the case for a person servicingcertain building equipment that is use in many buildings. Generally,access points may be tagged with a geographic location (e.g., latitude,longitude, and/or altitude) and a door name. These access points may beselectively made available to users via the user's mobile device.Actuation of an unlock button on the mobile device may result in theunlocking of the door.

Embodiments of the present disclosure can reduce the need to issue aphysical badge for every location or facility that a person (e.g., anemployee, a contractor, a repair person, etc.) needs to access.Embodiments of the present disclosure can be retrofit to existing accesscontrol systems with and/or without smart reader systems without havingto add additional hardware. Further, embodiments of the presentdisclosure may streamline or facilitate access requests for access tofacilities and/or locations.

FIG. 1 is a schematic diagram of an illustrative access control system10 for multiple buildings 20, 30 via a user's mobile device 40. Afacility or building, as used herein, can refer to one or morebuildings, businesses, homes, plants, hospitals, refineries, etc.Facilities can include indoor and/or outdoor areas. The illustrativesystem 10 may include a first facility 20, a second facility 30, amobile device 40, a first door access control system (ACS) 50 optionallyincluding at least one card reader 51 and in communication with one ormore relays 22 a, 22 b (collectively 22), and a second door accesscontrol system (ACS) 60 optionally including at least one card reader 61and in communication with one or more relays 32 a, 32 b (collectively,32). While the illustrative system 10 includes a first and a secondfacility 20, 30, it should be understood that the system 10 may beapplied to fewer than two facilities or more than two facilities, suchas, but not limited to three or more, 10 or more, 20 or more, 50 ormore, etc. Similarly, while the illustrative system 10 is illustrated ashaving a first and a second access system 50, 60, it should beunderstood that the system 10 may be applied to less or more than two ormore than two access systems. In some cases, the number of accesssystems may correspond to the number of facilities in the system 10.While the access control systems 50, 60 are described as door accesscontrol systems, the access control systems 50, 60 may control othermeans of entry into a building or area, including, but not limited to,turnstiles or baffle gates, revolving doors, gates, etc.

Though in the example illustrated in FIG. 1 the first ACS 50 is shownexternal to the first facility 20 (e.g., remote with respect to thefirst facility 20) and the second ACS 60 is shown external to the secondfacility 30 (e.g., remote with respect to the second facility 30),embodiments of the present disclosure are not so limited. In some cases,the first ACS 50 and/or the second ACS 60 are internal to the firstfacility 20 (e.g., local with respect to the first facility 20) and/orthe second facility 30 (e.g., local with respect to the second facility30), respectively.

The mobile device 40 may be a client device carried or worn by a user.It should be understood that more than one mobile device 40 may beutilized with the access control system 10. For example, each user mayhave their own particular or unique mobile device 40. The mobile device40 may be a phone (e.g., smartphone), personal digital assistant (PDA),tablet, and/or wearable device (e.g., wristband, watch, necklace, etc.).These are just examples. The mobile device 40 may include a userinterface including a display and a means for receiving user input(e.g., touch screens, buttons, keyboards, etc.). The mobile device 40may further have locations services. For example, the mobile device 40may use a built-in global positioning system (GPS) in combination withGPS satellites to pinpoint a location of the mobile device 40. In othercases, the location of the mobile device 40 may be estimated based on adirection of the signal and a distance from one or more cell towers. Themobile device 40 can include one or more software applications (e.g.,apps) 46 stored within a memory 42 of the mobile device 40 that candefine and/or control communications between the mobile device, thefirst ACS 50, the second ACS 60, and/or other devices. In some cases,the mobile device 40 may communicate with the first ACS 50, the secondACS 60, and/or other devices via a remote or cloud server 70, as will bedescribed in more detail herein. Apps 46 may be received by the mobiledevice 40 from the first ACS 50 and/or the second ACS 60, for instance,although this is not required. In other embodiments, the application 46may be downloaded from an app store, such as, but not limited to ITUNES®or GOOGLE PLAY®, or an access control service provider's web site.

In some embodiments, the application 46 may be an integrated securityplatform which may include access control and security systemcomponents. Users may manage the access control system and/or thesecurity system from the app 46 and/or via a web browser, as desired. Insome cases, the app 46 may present different features based upon auser's login credentials. It is contemplated that the amount and type ofinformation that is visible to a user of the app 46 may be based, atleast in part, on the permissions assigned to the particular user. Forexample, a member of a security team may have access to the securitysystem components while a routine building user may not. Further, someusers may be capable of accessing a commissioning mode while other usersmay not. In some cases, different applications 46 may be available forregular employees and visitors.

Apps 46 may be launched by a user and/or responsive to some othercondition (e.g., the interaction between the mobile device 40 and adevice within the door access system, such as a controller or relay, orwhen the location services of the mobile device detects the location ofthe mobile device is near a facility in which the user is registered toaccess). In some embodiments, apps 46 can be executing as backgroundapps. As used herein, at least one of the apps 46 includes a digitalidentifier. In some cases, the digital identifier may be a unique deviceidentifier provided by the phone operating system (e.g., Android™(Android is a trademark of Google LLC), iOS® (IOS is a trademark ofCisco and used under license by Apple), etc.) to uniquely identify amobile device. In other cases, a digital identifier may include, but isnot limited to a phone number and/or an International mobile equipmentidentity (IMEI) number. In some cases, at least one of the apps 46 mayinclude more than one digital identifier.

In the example shown, the relays 22, 32 can be actuated by variation inconditions of one or more electric circuits. In some examples, therelays 22, 32 can be a locking device (e.g., for a door). In someexamples, the relays 22, 32 can include one or more actuatingmechanisms. The relays 22, 32 can be associated with one or morecontrolled functionalities. As used herein “controlled functionality”refers to a functionality under the control of the first ACS 50 and/orthe second ACS 60. For instance, an electronic door lock may include arelay that is controlled by the first ACS 50 and/or the second ACS 60 tolock/unlock a door.

The relays 22 a, 32 a can be associated with an entry point (e.g., anexterior door) of the respective facility 20, 30, and/or the relays 22b, 32 b can be associated with a specific area 24, 34 of the respectivefacility 20, 30. As referred to herein, an area can be a portion of afacility. In some embodiments, the area 24, 34 can be a room, aplurality of rooms, a wing, a building, a plurality of buildings, acampus, etc. In some embodiments, the area 24, 34 can be defined byphysical boundaries (e.g., walls, doors, etc.). In some embodiments, thearea 24, 34 can be defined by logical and/or geographic boundaries (e.g.geofence). The area 24, 34 can be defined by a user, by a BuildingInformation Model (BIM) associated with the respective facility 20, 30,by the first ACS 50 and/or the second ACS 60, and/or in any othersuitable way.

The first ACS 50 and/or the second ACS 60 can control (e.g., manage)access to a number of areas (e.g., the area 24, 34) and/or a number ofentry points of the respective facility 20, 30. As previously discussed,the first ACS 50 and/or the second ACS 60 can be remote with respect tothe facility 20, 30 and/or local with respect to the facility 20, 30. Insome embodiments, the first ACS 50 and/or the second ACS 60 can becloud-based. In some embodiments, the first ACS 50 and/or the second ACS60 can manage access to one or more areas across a plurality offacilities. It is further contemplated that the first ACS 50 and thesecond ACS 60 may be configured to accept different credentials and/ormay have different connectivity, although this is not required.

The mobile device 40 can communicate with (e.g., exchange data with) thefirst ACS 50 and/or the second ACS 60 via a wired and/or wirelessconnection, for instance. In some cases, the communication may occur viaa cloud server 70. For example, the mobile device may transmitinformation to the cloud server 70, the cloud server 70 may process theinformation and subsequently transmit a command to the appropriate ACS50, 60. In some embodiments, the mobile device 40 can communicate usingone or more communication modules (e.g., cellular, WiFi, etc.). Thefirst ACS 50 and/or the second ACS 60 can communicate with the relays22, 32 via a wired and/or wireless connection, for instance.Communication between various devices herein can be carried out over awireless and/or a wired network. A wireless network, as used herein, caninclude WiFi, Bluetooth, Cellular or any other suitable means towirelessly transmit and/or receive information.

The illustrative mobile device 40 includes a memory 42 and a processor44. The processor 44 is configured to execute executable instructionsstored in the memory 42 to perform various tasks. Data may also bestored in the memory 42 to be used in executing the instructions. Forexample, in some embodiments, the memory 42 stores instructionsexecutable by the processor 44 to provide data in the form of a specificuser identity assigned to the mobile device to the access controlsystem. The memory 42 can be any type of non-transitory storage mediumthat can be accessed by the processor 44 to perform various examples ofthe present disclosure. For example, the memory 42 can be anon-transitory computer readable medium having computer readableinstructions (e.g., computer program instructions) stored thereon thatare executable by the processor 44. The execution of the computerreadable instructions may result in the actuation of a relay 22, 32which in turn allows entrance to a facility 20, 30 and/or an area 24, 34of said facility 20, 30.

The memory 42 can be volatile or nonvolatile memory. The memory 42 canalso be removable (e.g., portable) memory, or non-removable (e.g.,internal) memory. For example, the memory 42 can be random access memory(RAM) (e.g., dynamic random access memory (DRAM) and/or phase changerandom access memory (PCRAM)), read-only memory (ROM) (e.g.,electrically erasable programmable read-only memory (EEPROM) and/orcompact-disc read-only memory (CD-ROM)), flash memory, a laser disc, adigital versatile disc (DVD) or other optical storage, and/or a magneticmedium such as magnetic cassettes, tapes, or disks, among other types ofmemory.

In addition to, or in place of, the execution of executableinstructions, various functions of the present disclosure can beperformed via one or more devices (e.g., one or more controllers) havinglogic. As used herein, “logic” is an alternative or additionalprocessing resource to execute the actions and/or functions, etc.,described herein, which includes hardware (e.g., various forms oftransistor logic, application specific integrated circuits (ASICs),etc.), as opposed to computer executable instructions (e.g., software,firmware, etc.) stored in memory and executable by a processor. It ispresumed that logic similarly executes instructions for purposes of theembodiments of the present disclosure.

In some cases, the memory 42 can store data in the form of a digitalidentifier that is associated with an application 46 that is also storedin memory 42 on the mobile device 40. The memory 42 can also includeinstructions executable by the processor 44 to provide this informationto an access control system when the application 46 is in use and theuser has met certain conditions that enable the user to request that thedigital identifier be sent to the access control system. In some cases,the user must authenticate himself to the mobile device by entering apassword or fingerprint scan to unlock the mobile device 40 and/or theapplication 46, before the application 46 will initiate any sending ofan identifier and/or unlock command.

FIG. 2 is a flow chart of an illustrative method 100 for commissioningan access control system (such as, but not limited to ACS 50 and/or ACS60) for use with a mobile device 40 and application 46. While one ormore access control systems 50, 60 may be commissioned with a same appor by a same person, for the sake of brevity, description of thecommissioning procedure will be described with respect to a singleaccess control system 50. In some cases, the method 100 forcommissioning an access control system may be performed by an installeror other designated personnel. However, this is not required. To begin,the user may select a commissioning mode in an application (e.g., app46) running on a mobile device 40, where the mobile device includes botha user interface and a location service. Prior to entering or once inthe commissioning mode, the application may be configured to displayavailable systems of a facility (e.g., access control systems, securitysystems, etc.) to the user. In some cases, the commissioning mode may beentered after selection of a particular system. FIG. 3 is anillustrative screen capture 200 of a summary screen that may bedisplayed on the mobile device 40 by the application 46 for a particularbuilding (e.g., facility 20) when a supervising user or installer hasentered their user credentials (e.g., username and password, facialrecognition, fingerprint recognition, etc.). The application 46 may beconfigured to display a status of a security system 202, a number ofaccess points 204 connected to the access control system 50, cameras orother devices associated with a security system 206, a number of peoplein the facility 208, and/or a summary of activities 210. These are justexamples. Some information may be omitted or additional informationincluded, as desired. In some cases, the summary screen 200 may be basedon user defined settings or preferences.

Returning to FIG. 2 , in the commissioning mode, a list of access pointsassociated with the facility may be displayed on the user interface ofthe mobile device 40, as shown at block 104. FIG. 4 is an illustrativescreen capture 220 of a list of access points 222 associated with thefacility 30. This screen 220 may be reached by selecting the accesspoints 204 on screen 200 of FIG. 3 . Returning to FIG. 2 , a selectionof an access point from the list of access points may be received viathe user interface of the mobile device 40, as shown at block 106. Theaccess points are not required to have a card reader to be displayed.For example, any access point capable of having a remotely actuatedlocking mechanism may be displayed. FIG. 5 is an illustrative screencapture 230 of details for a selected access point. In the illustrativeembodiment, the “building access” access point was selected from thelist illustrated in screen capture 220 of FIG. 4 . In the illustrativeembodiment, the user has the option to select an “actions” button 232 orto select a “TAG location” button 234. Returning to FIG. 2 , the mobiledevice 40 may be carried and physically placed adjacent to the selectedaccess point, as shown at block 108. In some cases, the user may need totravel to the selected access point in order to place the mobile device40 adjacent thereto. It is contemplated that the list of access points222 may be dynamically updated as the installer moves through thefacility 20 to display only access points in close proximity to theinstaller, although this is not required. In some cases, the list ofaccess points 222 may display all access points in the facility 20.

Once the mobile device 40 is adjacent to the selected access point, thecurrent location of the mobile device 40 and thus a location of theselected access point may be captured and stored, as shown at block 110.In some cases, this may be performed through selection of the TAGlocation button 234 on the user interface of the mobile device 40. Thelocation of the mobile device 40 may be determined using a GPS locationof the mobile device 40 using location services of the mobile device 40.The GPS location may include latitude, longitude, and altitude as shownin FIG. 5 . The captured location of the mobile device 40 may beassociated with the selected access point, as shown at block 112 of FIG.2 . In some cases, the captured location may be stored with the selectedaccess point in a database in the cloud server 70. In other cases, thecaptured location may be stored locally within the facility 20 and/or atany other suitable location.

Next, it may be determined if a location has been captured and storedfor each access point of the facility 20 desired to be accessible via amobile device, as shown at block 114 of FIG. 2 . If not all of theaccess points have been captured, the steps of receiving a selection ofan access point 106, placing the mobile device 40 adjacent to theselected access point 108, capturing and storing a location 110 of themobile device 40, and associating the captured location of the mobiledevice 40 with the selected access point 112 may be repeated for eachaccess point desired to be accessible via a mobile device 40. In somecases, the receiving 106, placing 108, capturing 110, and associating112 steps may be repeated for each of two or more access points in thelist of access points shown in FIG. 4 .

The associations between the captured locations of the mobile device 40and each of the access points may then be uploaded, as shown at block116. In some cases, the captured locations of the mobile device and eachof the access points may be uploaded to a remote cloud server 70. Inother cases, the captured locations of the mobile device and each of theaccess points may be uploaded to a server or storage device locatedlocally to the facility. Once the associations have been stored, theymay be used to control access to and within the facility 20, as shown atblock 118.

In some cases, a subsequent user may be required to register with anaccess control system 50 to use a mobile device 40 to access a facility20 or an area 24 within the facility 20. FIG. 6 is an illustrative flowchart 300 of a method for registering a user to the ACS 60 and accessingan access point. To begin, a registration request may be received from auser, as shown at block 302. In some cases, the user may initiate theuser registration request via the app 46 used to access one or moreaccess points in the facility 20. In other cases, the user may initiatethe user registration request via a web browser, email or any othersuitable mechanism. In some cases, a supervising user may initiate theregistration request on behalf of the user. Once the user request isreceived, the user and the user's mobile device 40 may be associatedwith one or more access points, as shown at block 304. It iscontemplated that a quantity of access points or which particular accesspoints may be associated with a user may be determined, at least inpart, on an employment status and/or a hierarchical level of the user.For example, a regular employee may have the ability to access moreaccess points than a contract employee who in turn may have the abilityto access more access points than a visitor. This is just one example.

In some cases, the registration process may be performed by asupervising or administrative user. For example, an administrative usermay utilize a mobile device access setup portal to associate a userand/or a user's mobile device with access permissions. FIG. 7 is ascreenshot of an illustrative mobile device access setup portal 350 foruse by an administrator. The setup portal 350 may include a list or menu352 of selectable options. For example, the menu 352 may allow thesupervising user to view detailed information related to building sites20, 30 and/or access control systems 50, 60 thereof. In some cases, themenu 352 may include an option to allow the supervising user to viewand/or edit “people” 354 (among other options) associated with theorganization. In the illustrative embodiment of FIG. 7 , people 354 hasbeen selected and detailed information regarding people associated withthe organization is displayed. For example, the setup portal 350includes a list of people 356. The list may include an image 358 of eachparticular person and an employment status 360 (e.g., visitor, regularemployee, contract employee, temporary employee, etc.) This list 356 mayalso include access credentials 362 associated with the particularperson. Selection of a particular person may allow the administrativeuser to edit the information and/or permissions associated with theparticular person.

In the illustrative embodiment of FIG. 7 , a new user is being added inregion 364 of the screen. The administrative user may generate a profilefor the new user through the selection of the profile tab 366 and mayadd permissions through the selection of the permissions tab 368. In theillustrative embodiment of FIG. 7 , the permissions tab 368 has beenselected. The supervising user may add a card-based access credential370 that is assigned to the new user, although this is not required. Thesupervising user may also add information that associates a specificmobile device 40 with the new user, such as, but not limited to a uniquedevice identifier 372 and/or a mobile device telephone number 374 of theuser's mobile device. In some cases, the unique device identifier 372may be automatically detected via the application 46 and transmittedwith the user request. The supervising user may also assign the user toa permissions group 376 which determines which access points or group ofaccess points the user is authorized to access with the mobile device 40(and/or access card). For example, the user and the user mobile device40 may be associated with one or more access points from the list ofaccess points 376 based on one or more user permissions. In some cases,the user may not be granted door access. In other cases, the user may beassigned a custom permissions group. The administrative user may alsoselect an activation date 378 and/or an expiration date 380 to furthercustomize a user's access permissions. It is further contemplated thatthe supervising user may assign time windows during which the user mayutilize the access points. For example, the user may be allowed to useaccess points during predetermined hours and/or predetermined days.

In some cases, a visitor to the facility 20 may be capable of submittingan access request for preapproval. It is contemplated that when thevisitor request is approved and credentials assigned, the visitor mayreceive an email or a text message with a link to download the app 46 aswell as login credential information. In other cases, the visitor mayregister or submit a visit request using the application 46. This mayfacilitate visitor access during high volume hours.

Returning to FIG. 6 , once a user and the user mobile device have beenassociated with one or more access points, the user may begin to use themobile device 40 to open one or more access points. Generally, the usermay open the application 46 on the mobile device to display on the usermobile device 40 at least some of the access points available to theuser, as shown at block 306. It is contemplated that not all of theaccess points available to the user (based on the user permissions) willbe displayed simultaneously. For example, the current location of theuser mobile device 40 may be used select a subset of the availableaccess points to be displayed. A distance between the current locationof the user mobile device 40 (as determined by the location services ofthe user mobile device 40) and the locations of the access pointscaptured in the commissioning mode (and associated with access points)may be determined. Access points that are within a threshold distance ofthe current location of the user mobile device 40 may be displayed onthe user interface of the user mobile device 40. It is contemplated thatthe threshold distance is programmable. This may facilitate the locatingof the access point that is desired to be opened by reducing the numberof access points visible to the user. The user may then select one ofthe displayed access points unlock, as shown at block 308. The requestto unlock the access point may be sent to the ACS 60, in some cases, viaan intermediate cloud server 70, as shown at block 310. In some cases,the user may receive a confirmation on the user mobile device 40 thatthe access point has been unlocked.

FIG. 8 is a flow chart of another illustrative method 400 of using auser's mobile device 40 to access a building. It should be understoodthat actions performed at the mobile device 40 is accomplished by theprocessor 44 executing executable instructions stored in a memory 42 ofthe mobile device 40 and/or logic of the mobile device 40. To begin,permissions and locations of access points of the facility that areaccessible to the user of a particular mobile device 40 are downloadedto the particular mobile device 40, as shown at block 402. It iscontemplated that this step may not be needed each time the useraccesses the application 46. A user may present user credentials to theapplication 46 via a user interface of the mobile device 40 in order toauthenticate themselves to the application 46 to verify the usersidentify. This may include providing a username and password and/orusing biometric identification such as, but not limited to fingerprintrecognition and/or facial recognition. In some cases, the usercredentials may be verified by comparing the provided credentials tocredentials saved at the mobile device 40 or at the cloud server 70, asdesired. Once the user is authenticated, the permissions and locationsof access points in the facility that are accessible to the user (forexample, as defined in the setup portal) may be downloaded (e.g., fromthe cloud server 70 or local facility storage) to the user mobile deviceand saved in the memory 42 thereof. This may allow quicker responsetimes during use of the application 46 but may not be required. Forexample, the application 46 may access permissions and locations storedremotely, for example, at the cloud server 70. The access permissionsand locations may include, but are not limited to, which access pointsare available to the user, GPS locations of those access points,employment status of the user, access time windows, etc.

The location of the particular mobile device 40 may be received ordetermined, as shown at block 404. For example, the application 46 mayreceive the GPS location of the mobile device from the location servicesof the mobile device 40. In some cases, the mobile device 40 may beconfigured to recognize a measure of error in the current location ofthe mobile device 40. In some cases, the particular mobile device 40 maythen determine one or more access points of the facility to display tothe user based on the location of the particular mobile device, thedownloaded permissions, and locations of the access points of thefacility, as shown at block 406. For example, the particular mobiledevice 40 may determine which access points are accessible to the user(based on assigned permissions) and/or within a predetermined thresholddistance of the user. It is contemplated that the threshold distance maytake into consideration the measure of error that may occur whenlocating the position of the mobile device 40. For example, thethreshold distance may be based at least in part on the identifiedmeasure of error in the current location of the mobile device. In somecases, the mobile device 40 may be configured to determine a distancebetween the current location of the mobile device 40 and each of one ormore access points of a facility. A notification of the one or moreaccess points that are determined by the particular mobile device may bedisplayed on the particular mobile device, as shown at block 408.

In some cases, the notification may identify those access points thatare within a predetermined distance from the particular mobile device 40and does not include those access points that are not within thepredetermined distance from the particular mobile device 40. In someembodiments, the notification identifies or includes all access pointsin the facility that are accessible by the user. In some cases, theaccess points that are displayed on the user interface of the userdevice 40 may be those that are accessible to the user based on one ormore access point permissions associated with the user and are within athreshold distance from the current location of the mobile device 40. Itis contemplated that the displayed access points may be continually orrepeatedly updated based on the current location of the mobile device40. For example, as the mobile device 40 moves away from a particularaccess point, the particular access point may be removed from thenotification, and additional access points may be added as the mobiledevice 40 comes within the threshold distance.

FIG. 9 is a screen capture 450 of a notification or list of availableaccess points 452 that may be displayed to the user on the particularmobile device. The list of available access points 452 may vary fromuser to user based on user location and/or user permissions. In somecases, the particular mobile device 40 may also display the current GPSlocation 454 of the mobile device 40 as shown. It is contemplated thateach access point of the list of available access points 452 may includea selectable button 456 configured to transmit an unlock or lockrequest, as will be described in more detail herein. It is contemplatedthat the list of available access points 452 may be based, at least inpart, on the assigned permissions including, but not limited to, acurrent time falling within the one or more access time windows assignedto the user or an employment status of the user. In some embodiments,some access points may be displayed which are not available to the user.In such an instance, the selectable button 460 may be omitted or grayedout and unselectable.

In some cases, the notification may be a pop-up alert that access pointshave been identified. The identified access points may be those that areaccessible to the user and within a threshold distance of the mobiledevice 40. FIG. 10 is a screen capture 500 of a mobile device 40including pop-up alert 502. In the illustrative example, the userinterface of the mobile device 40 also displays a list 504 of accesspoints available to the user and the GPS location 506 of the user mobiledevice. However, this is not required.

It is contemplated that the notification or list of available accesspoints 452 may be automatically displayed as the user approaches anaccess point, without user input. In some cases, the available accesspoints 452 that are displayed may be ranked, with the closest accesspoint placed at the top of the list (if more than one access points arelisted). When so provided, the user need not have to click throughvarious menus of the application to identify a button to open aparticular door. Instead, the application may automatically present anappropriate button to the user to unlock a door as the user approachesthe door.

Returning back to FIG. 8 , a selection of one of the displayed accesspoints from the user via a user interface of the particular mobiledevice may be received, as shown at block 410. For example, the user mayselect the “unlock” button 460 adjacent to Door B 458 as shown in FIG. 9. Alternatively, the user may select the pop-up notification 502illustrated in FIG. 10 . This may cause the mobile device 40 to displaythat the door that has been found. FIG. 11 is an illustrative screencapture 510 of the mobile device 40 upon selection (e.g., tapping) ofthe pop-up notification 502. The mobile device 40 may be configured todisplay the “found” or nearby door 512 along with a selectable unlockbutton 514. The user may select the unlock button 514 associated withDoor B in FIG. 11 . In some cases, the unlock buttons 460, 514 may notbe selectable until the mobile device 40 is within a threshold distanceof the access point to prevent unauthorized users from gaining entry ifan unlock button is selected before the user is ready to enter theaccess point.

Returning again to FIG. 8 , upon selection of an access point to unlock(e.g., selection of unlock button 460 or unlock button 514), the mobiledevice may send a command to unlock the selected access point, as shownat block 412. The mobile device 40 may transmit the command to the cloudserver 70, although this is not required. In some cases, the cloudserver 70 may validate the permissions of the mobile device 40 makingthe unlock request. For example, the cloud server 70 may compare themobile device identifier to a list of identifiers allowed to access theselected access point. This may also include verifying that theidentifier can use the access point at the current time. In response tothe command to unlock the selected access point, the selected accesspoint may be unlocked, as shown at block 414. For example, aftervalidation of the mobile device 40, the cloud server 70 may transmit acommand to the ACS 50 to actuate the relay associated with the selectedaccess point. It is contemplated that a user may use the mobile device40 to lock an access point that is not automatically secured in a mannersimilar to the unlocking procedure. In some cases, the mobile device 40may be configured to receive and display a notification or confirmationthat the selected access point has been unlocked. FIG. 12 is anillustrative screen capture 520 of the mobile device 40 displaying apop-up notification 522 indicating that the access point has beenunlocked. It is contemplated that the ACS 50 may transmit a message tothe cloud server 70 that the selected access point was unlocked. Thecloud server 70 may relay this message to the mobile device 40 where itis received and displayed to the user via the user interface.

Those skilled in the art will recognize that the present disclosure maybe manifested in a variety of forms other than the specific embodimentsdescribed and contemplated herein. Accordingly, departure in form anddetail may be made without departing from the scope and spirit of thepresent disclosure as described in the appended claims.

What is claimed is:
 1. A method for unlocking an access point of afacility, the method comprising: downloading permissions andgeolocations of access points of the facility that are accessible to auser of a particular mobile device; receiving a current location of theparticular mobile device from a location service of the particularmobile device; the particular mobile device identifying one or moreaccess points of the facility that are within a geo-range of theparticular mobile device based on the current location of the particularmobile device and the downloaded geolocations of the access points ofthe facility; the particular mobile device identifying which of the oneor more access points of the facility that are identified to be withinthe geo-range of the particular mobile device are accessible to the userof the particular mobile device based on the downloaded permissions ofthe access points of the facility; sending a command from the particularmobile device to unlock a designated one of the one or more accesspoints that are identified by the particular mobile device to be withinthe geo-range of the particular mobile device and are identified to beaccessible to the user of the particular mobile device; and unlockingthe designated one of the one or more access points.
 2. The method ofclaim 1, further comprising: displaying on the particular mobile devicea notification of the one or more access points that are identified bythe particular mobile device to be within the geo-range of theparticular mobile device and that are identified to be accessible to theuser of the particular mobile device; receiving a selection of one ofthe displayed access points from the user via a user interface of theparticular mobile device, thereby selecting the designated one of theone or more access points; and sending a command from the particularmobile device to unlock the designated one of the one or more accesspoints.
 3. The method of claim 1, wherein prior to unlocking thedesignated one of the one or more access points, verifying one or moreaccess credential of the user.
 4. The method of claim 1, wherein one ormore of the downloaded permissions comprise one or more access timewindows for at least some of the access points of the facility, whereinthe corresponding permissions are only valid when a current time fallswithin the one or more access time windows.
 5. The method of claim 1,further comprising displaying on the particular mobile device aconfirmation that the designated one of the one or more access points isunlocked.
 6. The method of claim 1, wherein the command is sent from theparticular mobile device to a cloud server, wherein in response, thecloud server sends an unlock command to unlock the designated one of theone or more access points.
 7. The method of claim 1, wherein the commandis sent from the particular mobile device to the designated one of theone or more access points.
 8. The method of claim 1, further comprising:identifying a closest one of the one or more access points of thefacility that are identified to be within the geo-range of theparticular mobile device and are accessible to the user of theparticular mobile device based on the downloaded permissions of theaccess points of the facility as being closest to the current locationof the particular mobile device; and identifying the closest one of theone or more access points as the designated one of the one or moreaccess points.
 9. A method for unlocking an access point of a facility,the method comprising: receiving a current location of a particularmobile device from a location service of the particular mobile device;identifying one or more access points of the facility that are within ageo-range of the particular mobile device, by comparing the currentlocation of the particular mobile device with stored geolocations of theaccess points of the facility, and are accessible to the user of theparticular mobile device based on assigned permissions associated witheach of the access points of the facility; sending a command to unlock adesignated one of the one or more access points that are identified tobe within the geo-range of the particular mobile device and areidentified to be accessible to the user of the particular mobile device;and unlocking the designated one of the one or more access points. 10.The method of claim 9, further comprising: displaying on the particularmobile device a notification of the one or more access points that areidentified to be within the geo-range of the particular mobile deviceand that are identified to be accessible to the user of the particularmobile device; receiving a selection of one of the displayed accesspoints from the user via a user interface of the particular mobiledevice, thereby selecting the designated one of the one or more accesspoints; and sending a command from the particular mobile device tounlock the designated one of the one or more access points.
 11. Themethod of claim 9, wherein prior to unlocking the designated one of theone or more access points, verifying one or more access credential ofthe user.
 12. The method of claim 9, wherein one or more of thepermissions comprise one or more access time windows for at least someof the access points of the facility, wherein the correspondingpermissions are only valid when a current time falls within the one ormore access time windows.
 13. The method of claim 9, further comprisingdisplaying on the particular mobile device a confirmation that thedesignated one of the one or more access points is unlocked.
 14. Themethod of claim 9, wherein the command is sent from the particularmobile device to a cloud server, wherein in response, the cloud serversends an unlock command to unlock the designated one of the one or moreaccess points.
 15. The method of claim 9, further comprising:identifying a closest one of the one or more access points of thefacility that are identified to be within the geo-range of theparticular mobile device and are accessible to the user of theparticular mobile device based on the permissions of the access pointsof the facility as being closest to the current location of theparticular mobile device; and identifying the closest one of the one ormore access points as the designated one of the one or more accesspoints.
 16. A non-transitory computer-readable medium havinginstructions stored thereon that when executed by one or more processorsof a mobile device are configured to: receive from a remote server anidentifier of each of one or more access points of a facility; receivefrom the remote server a location of each of the one or more accesspoints of the facility; receive a current location of the mobile devicefrom a location service of the mobile device; identify one or moreaccess points of the facility that are within a threshold distance fromthe current location of the mobile device; display on a user interfaceof the mobile device one or more of the access points of the facility,wherein the one or more access points that are displayed are those that:are accessible to the user based on one or more access point permissionsassociated with the user; are within the threshold distance from thecurrent location of the mobile device; receive via the user interface ofthe mobile device a selection of one of the displayed access points tounlock; and send a request to unlock the selected access point.
 17. Thenon-transitory computer-readable medium of claim 16, wherein one or moreof the access point permissions comprise one or more access time windowsfor at least some of the access points of the facility, and wherein theone or more access points that are included in the one or more displayedaccess points is based, at least in part, on a current time fallingwithin the one or more access time windows.
 18. The non-transitorycomputer-readable medium of claim 16, further configured to: receive aconfirmation that the selected access point is unlocked; and display anotification on the user interface of the mobile device that theselected access point is unlocked.
 19. The non-transitorycomputer-readable medium of claim 16, wherein the one or more accesspoints that are displayed on the user interface of the mobile device arerepeatedly updated based at least in part the current location of themobile device.
 20. The non-transitory computer-readable medium of claim16, further comprising: identifying a measure of error in the currentlocation of the mobile device; and wherein the threshold distance isbased at least in part on the identified measure of error in the currentlocation of the mobile device.